Cyber insurance

Companies can be exposed to damages of many millions and considerable reputational damage if Internet criminals steal data, infect networks with malware or cause servers to crash with denial-of-service attacks. Hardly a week goes by without a report in the media about cyber-attacks. Many of these incidents, like the attack on Sony, are only partly insured because “state-sponsored attacks” (e.g. attacks by secret service operatives) are excluded. Once again, in this relatively new area of insurance it is important to take a detailed look at the relevant insurance conditions.

What is insured?
Companies can arrange comprehensive protection from dangers from the internet. An all-risk policy covers a wide variety of first party and third party damages sustained by companies as victims of Internet criminality (hacking attacks and data loss) or for which they can be held liable by their clients.

First-party damages

Loss of confidential data

Additional costs incurred due to IT failure or misuse of the telephone system

Operational disruption costs, i.e. ongoing costs and loss of revenue.

Crisis management and PR costs

Costs / compensation for extortion

Third party damages

Due to financial losses, e.g. caused by

Breach of the German Data Protection Act

Loss of data confidentiality

Breach of personal rights

Breach of Copyright

Transmission of viruses

Delay in providing Service

Compensation due to non-fulfilment

Contractual penalties/fines

Who provides the insurance?
All market participants recognise enormous potential for growth, although the market is still in its infancy and the number of policies concluded in Germany so far is quite modest. At present about 15 insurers provide cyber insurance. The level of cover still varies greatly. In some cases, “modular” solutions are possible, so that only certain risk areas are insured.